
Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security to your Omnivoo account. With 2FA enabled, logging in requires both your email OTP and a code from your authenticator app, making it significantly harder for anyone else to access your account.

Why Use 2FA?

Omnivoo handles sensitive data -- payroll, tax information, bank accounts, and government IDs. Even though Omnivoo's passwordless login is already secure, 2FA provides additional protection:

  • If your email is compromised, an attacker still cannot log in without your authenticator app.
  • Compliance requirements in some organizations mandate 2FA for systems handling financial data.
  • Peace of mind knowing your account has a second line of defense.

Info: 2FA is optional for all users but strongly recommended, especially for employer accounts with admin-level access.

Enabling 2FA

  1. Log in to your Omnivoo account.
  2. Click your name or avatar in the top-right corner and select Profile Settings.
  3. Go to the Security tab.
  4. In the Two-Factor Authentication section, click Enable 2FA.
  5. A QR code is displayed on screen.
  6. Open your authenticator app (Google Authenticator, Authy, Microsoft Authenticator, or any TOTP-compatible app) and scan the QR code.
  7. Your authenticator app generates a 6-digit code that refreshes every 30 seconds.
  8. Enter the current 6-digit code from your authenticator app into the verification field.
  9. Click Verify.

Once verified, 2FA is active on your account and you will receive a set of recovery codes.

Tip: If you cannot scan the QR code, click Enter setup key manually to get a text-based setup key you can type into your authenticator app.

Recovery Codes

After enabling 2FA, Omnivoo generates a set of one-time recovery codes. These codes are your backup if you lose access to your authenticator app.

What recovery codes are

  • Each code can be used exactly once as a substitute for your authenticator code during login.
  • There are typically 10 codes generated at a time.
  • Once a code is used, it is permanently consumed and cannot be reused.

Saving your recovery codes

  1. After enabling 2FA, your recovery codes are displayed on screen.
  2. Click Download to save them as a text file, or Copy to copy them to your clipboard.
  3. Store them in a secure location -- a password manager, a locked file, or printed and stored physically.

Warning: If you lose both your authenticator app and your recovery codes, you will need to contact Omnivoo support to regain access to your account. This process requires identity verification and may take time. Save your recovery codes securely.

Regenerating recovery codes

If you have used several recovery codes or suspect they have been compromised:

  1. Go to Profile Settings > Security > Two-Factor Authentication.
  2. Click Regenerate Recovery Codes.
  3. Enter your current authenticator code to confirm.
  4. A new set of codes is generated. Your old codes are immediately invalidated.
  5. Download or copy the new codes and store them securely.
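
The single-use and invalidate-on-regenerate behaviour described above can be modelled in a few lines. This is an added example, not Omnivoo's code: the `RecoveryCodes` class, the code format and the choice to store only SHA-256 digests are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 10  # the page says a set is "typically 10" codes


class RecoveryCodes:
    """Hypothetical server-side store: keeps digests, never the codes."""

    def __init__(self):
        self._digests = set()

    @staticmethod
    def _digest(code: str) -> bytes:
        # Ignore grouping hyphens, whitespace and letter case typed by the user.
        normalized = code.replace("-", "").strip().lower()
        return hashlib.sha256(normalized.encode()).digest()

    def regenerate(self) -> list[str]:
        """Issue a fresh set; replacing the digest set invalidates old codes."""
        codes = []
        for _ in range(CODE_COUNT):
            # 80 random bits per code, so a fast hash is acceptable here;
            # shorter codes would need a slow password hash instead.
            raw = secrets.token_hex(10)
            codes.append("-".join(raw[i:i + 5] for i in range(0, 20, 5)))
        self._digests = {self._digest(c) for c in codes}
        return codes  # shown to the user once, then discarded

    def redeem(self, code: str) -> bool:
        """Accept an unused code exactly once, then consume it."""
        candidate = self._digest(code)
        match = next((d for d in self._digests
                      if hmac.compare_digest(d, candidate)), None)
        if match is None:
            return False
        self._digests.discard(match)
        return True

    def remaining(self) -> int:
        return len(self._digests)
```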

Logging In with 2FA

Once 2FA is enabled, your login flow adds one step:

  1. Enter your email on the login page.
  2. Enter the 6-digit OTP sent to your email (or use Google OAuth).
  3. Enter your authenticator code -- open your authenticator app and type the current 6-digit code.
  4. You are logged in.

Using a recovery code instead

If you do not have access to your authenticator app:

  1. On the 2FA verification screen, click Use a recovery code.
  2. Enter one of your unused recovery codes.
  3. You are logged in.

Tip: After using a recovery code to log in, set up your authenticator app again as soon as possible. Each recovery code can only be used once, and you have a limited number of them.

Disabling 2FA

If you need to turn off two-factor authentication:

  1. Go to Profile Settings > Security > Two-Factor Authentication.
  2. Click Disable 2FA.
  3. Enter your current authenticator code to confirm.
  4. 2FA is removed from your account.

After disabling, you will only need your email OTP (or Google OAuth) to log in. Your recovery codes are invalidated.

Warning: Disabling 2FA reduces the security of your account. Only disable it if you have a specific reason, and consider re-enabling it once the issue is resolved.

Changing Your Authenticator App

If you are switching to a new phone or a different authenticator app:

  1. Disable 2FA on your Omnivoo account (requires your current authenticator code).
  2. Set up the new authenticator app on your new device.
  3. Re-enable 2FA and scan the new QR code with your new app.
  4. Save your new set of recovery codes.

Frequently Asked Questions

Can I use any authenticator app? Yes. Any app that supports TOTP (Time-based One-Time Passwords) works. Popular options include Google Authenticator, Authy, Microsoft Authenticator, and 1Password.

What if my phone's time is wrong? TOTP codes depend on accurate time. If your codes are not being accepted, check that your phone's clock is set to automatic (synced with network time).

Is 2FA required? 2FA is optional for all users. Your organization's admin may choose to require it -- if so, you will be prompted to set it up on your next login.